package jdbc;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class JDBCDemo6 {
    public static void main(String[] args) {
        try (
                Connection connection=DBUtil.getConnection();
        ){
            String sql="SELECT id, username,password,nickname,age FROM userinfo WHERE username=? and password=?";
            PreparedStatement ps=connection.prepareStatement(sql);
            ps.setString(1,"王克晶");
            ps.setString(2,"'OR'1='1'");
            ResultSet rs =ps.executeQuery();
            if(rs.next()){
                System.out.println("插入成功");
            }else {
                System.out.println("插入失败");
            }

        } catch (SQLException e) {
            e.printStackTrace();
        }

    }
}
